Hackers used the Roskomnadzor registry for attacks on Yandex

Yandex and several other major Russian resources a few days ago were subjected to a powerful DNS-attack. The attackers used vulnerabilities in the system of blocking sites.

"Any company and any website can suffer from such actions, " said a representative of the Press Service of Yandex.

The reason for the attack was a discovered vulnerability in the blocking system of Roskomnadzor websites. The criminals carried out the attack using DNS by changing the entries in the domain name system. They linked the addresses of new attacked sites with already blocked domains. So they managed to restrict access to the pages.

As a result, some user services were extremely slow. This was due to the fact that many operators carried out all traffic to these pages through a system of the Deep Packet Inspection — DPI. The blocking of IP-addresses of the company Yandex was avoided, as the employees of the organization successfully repelled the attack for several days. The publication suggested that the hacker attack could be associated with the adoption of the law on the sustainability of the Runet: the problems were fixed during the rally.

The vulnerability exploited by the attackers has been known since 2017.

*Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)